[57] ABSTRACT

A method for controlling keys used in the verification of 
encoded information generated by a transaction evidencing 
device and printed on a document comprises the steps of 
generating a plurality of random verifier master keys to 
obtain a set of verifier master keys consisting of a fixed 
number of keys; generating at least one pointer by applying 
a pseudorandom algorithm to data unique to the transaction
evidencing device; calculating a plurality of verifier token 
keys to obtain a verifier token key set corresponding to the 
set of verifier master keys; encrypting the verifier token key 
set with a privacy key; and distributing the set of verifier token
keys and the privacy key to verifiers. The token keys are a 
function of the verifier master keys and a code valid for a 
limited time. The pointer algorithm is an appropriate symmetric
key cryptographic algorithm and the code is a function
of a date dependent parameter. The master keys are distrib- 
uted to postal and vendor data centers. 
[57] ABSTRACT

A key control system comprises the generation of a first set 
of keys which are then used for a plurality of respective 
postage meters. The keys are then related to a respective 
meter in accordance with a map or algorithm. The keys may 
be changed by entering the second key via an encryption 
using the first key. 
[57] ABSTRACT

A key control system comprises the generation of a first set
of predetermined keys K_pred which are then used as master
keys for a plurality of respective postage meters. The keys
are then related to a respective meter in accordance with a
map or algorithm. The predetermined master key K_pred is
encrypted with the date to yield a date dependent key K_dd
related to the respective meter. The date dependent key is
encrypted with a unique identifier of the respective meter to
yield a unique key K_final that is used by the respective
meter to generate digital tokens. The Data Center encrypts
the date with each predetermined key K_pred to yield a table
of dependent keys K_dd. The table of K_dd's is distributed to
verification sites. The verification site reads a meter's
identification from a mailpiece being verified to obtain the
dependent key K_dd of the meter. The verification site
encrypts the dependent key K_dd with the unique identifier to
obtain the unique meter key which is used to verify tokens
generated by the meter. In the preferred embodiment, the
master key K_pred, the date dependent key K_dd, and the
unique key K_final in the meter are stored in the meter. In an
alternate embodiment, the master key K_pred is encrypted
with a unique meter identifier to obtain the unique key
K_final which is stored in the meter. The meter then generates
its date dependent key K_dd, which is used to generate digital
tokens.
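
The key hierarchy of the preferred embodiment above (K_pred to K_dd to K_final), sketched as an added example that is not taken from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified "encrypt with key" step, `key_index` is a hypothetical meter-to-key map, tokens are truncated to 8 bytes, and all keys, meter identifiers and dates are constructed sample values.

```python
import hashlib
import hmac

def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for 'encrypt data with key' (assumption: HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def key_index(meter_id: str, n_keys: int) -> int:
    """Hypothetical 'map or algorithm' relating a meter to one K_pred."""
    digest = hashlib.sha256(meter_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_keys

def kdd_table(k_pred_set: list, date: str) -> list:
    """Data Center: one date dependent key K_dd per predetermined key."""
    return [prf(k_pred, date.encode()) for k_pred in k_pred_set]

def token_for(k_dd: bytes, meter_id: str, date: str, postage: str) -> str:
    """K_dd -> K_final (bound to the meter), then a token over the indicium."""
    k_final = prf(k_dd, meter_id.encode())
    return prf(k_final, f"{meter_id}|{date}|{postage}".encode())[:8].hex()

def meter_token(k_pred: bytes, meter_id: str, date: str, postage: str) -> str:
    """Meter side: starts from its master key K_pred."""
    return token_for(prf(k_pred, date.encode()), meter_id, date, postage)

def verify(table: list, meter_id: str, date: str, postage: str, token: str) -> bool:
    """Verification site: holds only the K_dd table, never K_pred."""
    k_dd = table[key_index(meter_id, len(table))]
    expected = token_for(k_dd, meter_id, date, postage)
    return hmac.compare_digest(expected, token)

def demo() -> dict:
    # Constructed sample data: four master keys, one meter, one mailing date.
    k_pred_set = [hashlib.sha256(f"constructed-master-{i}".encode()).digest()
                  for i in range(4)]
    meter, date = "METER-0001", "1996-03-29"
    k_pred = k_pred_set[key_index(meter, len(k_pred_set))]
    token = meter_token(k_pred, meter, date, "0.32")
    today = kdd_table(k_pred_set, date)
    next_day = kdd_table(k_pred_set, "1996-03-30")
    return {
        "valid": verify(today, meter, date, "0.32", token),
        "altered_postage": verify(today, meter, date, "3.20", token),
        "other_meter": verify(today, "METER-0002", date, "0.32", token),
        "wrong_day_table": verify(next_day, meter, date, "0.32", token),
    }

if __name__ == "__main__":
    print(demo())
```

A verification site that is compromised exposes only one day's K_dd table; the master keys K_pred stay at the Data Center and in the meters.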
[57] ABSTRACT

A method of manufacturing a secure box in a Key Manage- 
ment System that includes a plurality of functionally distinct 
secure boxes initializes a first manufacturing box if one does 
not exist. The method creates in a manufacturing box at least
one logical security domain including encryption keys 
needed to perform Key Management System processes 
within the domain, and provides a target secure box with the 
capability to perform at least one Key Management System 
function from a plurality of functions required by the Key 
Management System. The method authenticates the target
secure box to the manufacturing box, installs a unique secure 
box identification in the target secure box, and creates at 
least one logical security domain in the target secure box 
corresponding to a logical security domain in the manufac- 
turing box. The method sends a command from a Key 
Management System computer to initialize the target secure 
box to perform a domain process for at least one of Key 
Management System functions provided within the target 
secure box, and initializes the target secure box in each 
domain process indicated in the command from the Key 
Management System computer. The method installs in the 
target secure box the encryption keys required to perform a 
key generation process within the domain. For example, 
the target secure box may be provided with at least one of a key
verification function, a key installation function, a token 
verification function, a key registration function, or a secure 
box manufacturing function. 
[57] ABSTRACT

A method of manufacturing transaction evidencing devices, 
such as digital postage meters, includes the steps of gener- 
ating a master key in a logical security domain of a Key 
Management System; installing the master key into a digital 
postage meter; verifying the installation of the master key; 
and registering the master key to a logical security sub- 
domain in the Key Management System. The step of gen- 
erating the master key further includes the steps of gener- 
ating a domain; generating at least one sub-domain; 
installing the domain in secure boxes of the Key Manage- 
ment System; generating a master key and test token within 
the domain; and recording the master key in the domain 
archive. The step of installing the master key further 
includes the steps of installing the master key into a digital 
meter; and associating the master key with a unique device 
identifier. The step of registering the master key to a logical 
security sub-domain in the Key Management System further 
includes the steps of assigning a sub-domain to the digital 
meter; installing a postal identifier into the digital meter;
associating the postal identifier to the unique device identi- 
fier; generating a registration token in the digital meter based 
on the postal identifier and the unique device identifier; 
generating registration tokens using the master key recorded 
in the archives; verifying that the registration tokens are 
identical; and recording the master key in the sub-domain. 
The steps are repeated for each domain assigned to the 
digital postage meter. 
[57] ABSTRACT

A method of token verification in a Key Management 
System provides a logical device identifier and a master key 
created in a logical security domain to a transaction evi- 
dencing device, such as a digital postage meter. The method 
creates a master key record in a key verification box, 
securely stores the master key record in a Key Management 
System archive, and produces in the transaction evidencing 
device evidence in the logical security domain of transaction 
information integrity. The method inputs the evidence of the 
transaction information integrity to a token verification box, 
and inputs in the token verification box the master key 
record from the Key Management System archive. The 
method determines in the token verification box that the 
master key is valid in the logical security domain, uses in the
token verification box the master key to verify the evidence 
of transaction information integrity, and outputs from the 
token verification box an indication of the result of the 
verification of the evidence of transaction information integ- 
rity. The master key record includes the logical device 
identifier, the master key and a digital signature associating 
the logical device identifier and the master key. The method 
checks the digital signature to verify the association of the 
logical device identifier and the master key within the 
logical security domain. 
[57] ABSTRACT

A system for reliably authenticating a document in- 
cludes a device having a decryption key therein that, 
upon application to information provided by a user, 
reveals not only a plain text message indicating the 
source of the authentication but, in addition, provides 
the decryption key for use with the information pro- 
vided by the mailer. 